Skip to main content
1. Introduction Storika Inc. (“Storika,” “we,” “us,” “our”) provides the Storika application (the “App”), which facilitates the sending of messages from brands (“Clients”) to social media creators (“Creators”) via Meta platforms (including, but not limited to, Instagram and Facebook Messenger). This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect the Personal Information (defined below) of Clients and Creators who interact with our App. Storika is committed to protecting the privacy of its users and complying with all applicable data protection laws and regulations, including, without limitation, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and Meta’s Platform Terms and Developer Policies. By accessing or using the App, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy. By accessing or using the App, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy. You also agree to be bound by the YouTube Terms of Service (https://www.youtube.com/t/terms)  2. Information We Collect For the purposes of this Policy, “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. We collect Personal Information in the following ways:
  • 2.1 Information You Provide Directly:
    • 2.1.1 Clients: When a Client registers for an account, we collect Personal Information such as the Client’s name, email address, company name, phone number, and billing information. Billing information is processed through a third-party payment processor, [Name of Processor, e.g., Stripe], and we do not store full credit card details on our servers. When a Client creates a campaign, we collect information about the brand, campaign objectives, and target audience, which may include Personal Information.
    • 2.1.2 Creators: Creators are not required to create an account to interact with messages sent via the App. However, when a Creator responds to a message sent by a Client through the App, we collect any Personal Information the Creator provides in their response, which may include, but is not limited to, their name, social media handle, contact information, and any other information they voluntarily disclose.
  • 2.2 Information from Meta Platforms:
    • 2.2.1 Clients: To facilitate the sending of messages, we utilize the Meta Application Programming Interfaces (APIs), including, but not limited to, the Messenger API and Instagram Graph API. We access only the minimum necessary Personal Information from the Client’s connected Meta account to enable message sending to Creators. This may include the Client’s Meta page ID, access tokens necessary for API authorization, and information about the authorized user associated with the Client’s account who is sending messages. We do not access or store the Client’s complete social media contact list or data unrelated to the provision of the App’s messaging functionality. Our use of information received from Meta APIs will adhere to Meta’s Platform Terms and Developer Policies, including any applicable limitations on use.
    • 2.2.2 Creators: When a Client sends a message to a Creator via the App, we receive information from Meta related to message delivery and interaction, such as delivery confirmation, open status, and link click-throughs. We may also receive the Creator’s public profile information (e.g., username, profile picture) as provided by the Meta API in the context of the specific message interaction. We do not collect or store Creator data beyond what is necessary for facilitating the message exchange initiated by the Client.
  • 2.3 Automatically Collected Information:
    • 2.3.1 Usage Data: We automatically collect information about how Clients interact with the App. This includes, but is not limited to, the Client’s Internet Protocol (IP) address, browser type, operating system, pages visited within the App, features utilized, and timestamps of access. This data is used for analytical purposes, troubleshooting, App improvement, and to maintain the security of the App.
    • 2.3.2 Cookies and Similar Technologies: We employ cookies and similar technologies (e.g., web beacons) to track Client activity within the App, store preferences, and enhance security. Clients can manage cookie preferences through their browser settings. For detailed information on our use of cookies, please refer to our Cookie Policy [Link to Cookie Policy - REQUIRED if you use cookies].
  • 2.4 Information Not Collected:
    • Storika does not request, collect, process, or store Sensitive Personal Information. “Sensitive Personal Information” includes, but is not limited to, social security numbers, information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
  • 2.5 Information from YouTube API Services:
    • Storika uses YouTube API Services to provide influencer marketing data. By using our Service, you acknowledge and agree that you are also bound by the **Google Privacy Policy **(https://www.google.com/policies/privacy). Through the YouTube API, we collect and store “Authorized Data” (if you connect your account) and “Public Data” (e.g., channel statistics, video metadata, view counts) directly from your device or account, which may involve the use of cookies or similar technologies to authenticate your access.
3. How We Use Your Information We use the Personal Information we collect for the following purposes:
  • 3.1 To Provide and Operate the Service: To enable Clients to send messages to Creators, manage their campaigns, and track message performance. This includes utilizing the Meta APIs to facilitate message delivery and retrieval of necessary interaction data.
  • 3.2 To Communicate with Clients: To send transactional communications (e.g., account registration confirmations, billing notifications, password reset emails), respond to Client inquiries, and provide customer support.
  • 3.3 To Improve the App: To analyze usage data, identify trends, diagnose technical issues, develop new features, and enhance the overall user experience of the App.
  • 3.4 To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes (e.g., subpoenas, court orders), and lawful requests from government authorities.
  • 3.5 For Security Purposes: To protect the App, our Clients, and Creators from fraudulent activity, unauthorized access, misuse, and other potential security threats.
  • 3.6 With Your Consent: For any other purpose disclosed to you at the time we collect your Personal Information, provided we have obtained your explicit consent, where required by applicable law.
  • **3.7 To Provide YouTube Analytics and Creator Discovery: **We use API Data retrieved from YouTube API Services to: (i) track campaign performance, verify content uploads (e.g., checking for required hashtags); (ii) identify and recommend potential YouTube creators that match our Client’s campaign criteria (e.g., creating candidate shortlists based on subscriber count, engagement metrics, or content keywords); and (iii)  generate analytics reports for our Clients. We do not use this data for surveillance or any unauthorized purposes.
4. How We Share Your Information We do not sell, rent, or lease your Personal Information to third parties. We may share your Personal Information in the following limited circumstances:
  • 4.1 With Meta: We share information with Meta as necessary to provide the core messaging functionality of the App through the Meta APIs. This sharing is strictly governed by Meta’s Platform Terms and Developer Policies, and we only share the minimum information required for API operation.
  • 4.2 With Service Providers: We engage third-party service providers to assist with various aspects of our operations, including payment processing (e.g., Stripe), data hosting, analytics, and customer support. These service providers are contractually bound to protect your Personal Information and are authorized to use it only for the specific purposes for which we have engaged them and in accordance with this Privacy Policy and applicable data protection laws. A list of our current sub-processors is available upon request.
  • 4.3 Between Clients and Creators: When a Client sends a message to a Creator via the App, the Creator’s response, including any Personal Information provided by the Creator, is shared with the Client. This is inherent to the functionality of the App.
  • 4.4 For Legal Reasons: We may disclose Personal Information if we are required to do so by law, legal process (e.g., a subpoena or court order), or in response to a valid request from a government or law enforcement authority. We may also disclose Personal Information if we believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of others, or to investigate suspected fraud or violations of our Terms of Service.
  • 4.5 In Connection with a Business Transfer: In the event of a merger, acquisition, reorganization, sale of all or a portion of our assets, or bankruptcy proceeding, your Personal Information may be transferred to a successor or acquiring entity. We will provide notice on our App and/or via email of any such transfer and any choices you may have regarding your Personal Information.
  • **4.6 With YouTube/Google: **Our use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. We may share aggregated YouTube campaign performance data with our Clients (External Parties) to demonstrate campaign results. We do not sell YouTube API Data to third parties.
5. Your Rights and Choices Subject to applicable law, you may have the following rights regarding your Personal Information:
  • 5.1 Access: You have the right to request access to the Personal Information we hold about you and to receive a copy of that information.
  • 5.2 Rectification: You have the right to request that we correct any inaccurate or incomplete Personal Information we hold about you.
  • 5.3 Erasure (“Right to be Forgotten”): You have the right to request the deletion of your Personal Information, subject to certain exceptions permitted by law (e.g., legal obligations to retain data).
  • 5.4 Restriction of Processing: You have the right to request that we restrict the processing of your Personal Information under certain circumstances, such as when you contest the accuracy of the data or object to the processing.
  • 5.5 Objection to Processing: You have the right to object to the processing of your Personal Information under certain circumstances, including processing based on legitimate interests or for direct marketing purposes.
  • 5.6 Data Portability: You have the right to receive a copy of your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
  • 5.7 Withdrawal of Consent: Where we process your Personal Information based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • **5.8 Revocation of YouTube Access: **You can revoke Storika’s access to your YouTube data at any time via the **Google Security Settings **page. (https://security.google.com/settings/security/permissions) 
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe, and in any event, within the timeframes required by applicable law. We may need to verify your identity before fulfilling your request. 6. Data Security Storika implements and maintains appropriate technical and organizational security measures designed to protect Personal Information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to, data encryption in transit and at rest, access controls, regular security assessments, and employee training on data protection. However, no data transmission over the Internet or method of electronic storage is completely secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. 7. Data Retention We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will retain Client account information for the duration of the Client’s active account and for a reasonable period thereafter to comply with legal and accounting obligations. We will retain message data for a period of ninety (90) days following the transmission of the message, unless the Client requests earlier deletion or a longer retention period is required by law. Notwithstanding the foregoing, all data retreived via YouTube API Services is stored for a maximum of thirty (30) days. After this period, such data is either deleted or refreshed via the API, in strict compliance with YouTube Developer Policies. 8. International Data Transfers Your Personal Information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from, and potentially less protective than, the laws of your jurisdiction. Where we transfer your Personal Information to countries outside of your jurisdiction, we will take appropriate safeguards to ensure that your Personal Information remains protected in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include, but are not limited to, implementing Standard Contractual Clauses approved by the European Commission (or equivalent measures for other jurisdictions) or relying on the recipient’s participation in a recognized data transfer framework (e.g., EU-U.S. Data Privacy Framework). 9. Children’s Privacy The App is not intended for use by individuals under the age of sixteen (16). We do not knowingly collect Personal Information from children under 16. If we become aware that we have inadvertently collected Personal Information from a child under 16, we will take prompt steps to delete the information from our records. 10. Changes to this Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes to this Policy, we will provide notice by posting the revised Policy on the App and updating the “Effective Date” and “Last Updated” date at the top of this Policy. In some cases, we may also provide notice via email or other prominent means. We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of the App after the effective date of any revised Privacy Policy constitutes your acceptance of the revised terms. 11. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices (including those related to YouTube API Services), please contact us at: STORIKA INC. Attn: Privacy Officer BRICE J LEE 1259 EL CAMINO REAL UNIT 1321 MENLO PARK, CA 94025 Email: [email protected] This improved version includes:
  • Formal Legal Tone: Uses more precise legal terminology (e.g., “Personal Information” instead of “personal information,” “including, but not limited to,” “without limitation,” “subject to applicable law”).
  • Definitions: Defines “Personal Information” clearly.
  • Specificity: Provides more detail about the types of data collected, how it’s used, and how it’s shared, especially regarding Meta APIs.
  • Data Processing Addendum (DPA) Mention (Implicit): Although not explicitly called a DPA, the sections on Meta API usage and service providers implicitly cover many of the requirements of a DPA. You should still have a separate DPA with Clients. This privacy policy references the need for contractual obligations with service providers.
  • Sub-processor List: States that a list of sub-processors is available upon request (best practice).
  • Cookie Policy Reference: Strongly recommends a separate Cookie Policy and links to it.
  • Legal Basis (Implicit): The “How We Use Your Information” section implicitly outlines the legal bases for processing (contract performance, legitimate interest, legal obligation, consent).
  • Data Subject Rights: Expands on data subject rights with more legally precise language.
  • International Data Transfers: Provides more detail on safeguards for international data transfers.
  • Retention Period: Specifies a concrete retention period for message data (90 days). You must choose a period that is justifiable and complies with Meta’s policies.
  • Security Measures: While still general, the description of security measures is more robust.
  • California Specific Rights: The rights for California Residents have been streamlined and included in section 5.
This version is significantly more legally sound and compliant. However, it is still essential that you have a qualified legal professional review and customize this policy to ensure it accurately reflects your specific practices and complies with all applicable laws and regulations, including Meta’s ever-changing policies.